Tuesday, 13 July 2021

Questions (142)

David Cullinane

Question:

142. Deputy David Cullinane asked the Minister for Health his plans to modernise and integrate the IT infrastructure of the HSE and his Department; and if he will make a statement on the matter. [37544/21]

View answer

Written answers (Question to Health)

In the context of planned ICT modernisation and integration, it is appropriate to respond to the Deputy's question with regard to the continued response to the ransomware attack.

The Department of Health and the Health Service Executive continue to engage cyber security specialists to forensically examine and restore health system functionality. The Department of Health continues to liaise closely with the National Cyber Security Centre, the Office of the Government Chief Information Officer, security partners and with colleagues across the Public Service to ensure that best practice is followed as it relates to all aspects of cyber security.

With regard to the Health Service Executive, in the wake of the recent ransomware attack, the HSE has deployed additional security toolsets and capabilities and applied recommendations from external consultants engaged following the ransomware attack. The HSE continues to engage with the National Cyber Security Centre and, with the support of my department, will continue to invest strategically in technical infrastructure, cyber defences and the resources necessary to protect the systems and data that are vital to the safe operation of the health system.

The HSE has deployed additional expertise, resources and technology to provide enhanced monitoring of systems and networks. This is considered an interim measure as they procure a permanent Security Operations Centre to provide security and threat incidence monitoring and response including:

- monitoring and alerting on portals and software;

- monitoring and incident management of all devices on the network to ensure that all devices are compliant with rules/policies;

- threat incident response including triage, close and/or escalation.

Improved security measures have already been put in place within the Department of Health ICT systems. A complete security review of the ICT infrastructure is currently being finalised and specialised software has been installed to mitigate against malicious software, and to provide early warning notifications of same. The system is fully monitored, providing for a rapid response to any notified incidents.

Inevitably, some planned health systems integration activities will require to be re-evaluated and re-planned in the aftermath of the ransomware attack.  Health systems cyber security and disaster recovery protocols will be informed by learnings from the recent criminal ransomware cyberattack. In keeping with procedures on any critical incident, post incident review findings and recommendations will inform the process of continuous improvement. When further planning health ICT systems modernisation and activities, both the Department of Health and the Health Service Executive will be informed by recommendations made by the National Cyber Security Centre and post-incident reporting.